TCP/IP Port Exhaustion

Issue symptom

The error "Only one usage of each socket address (protocol/network address/port) is normally permitted" appears in the Nginx web server access log while MetaDefender Core is operating on Windows OS. There are a few possible causes:

  • Running out of available ports for new connections.
  • Each closed port has a delay time (TIME_WAIT) before it can be reused for a new connection, and in some cases this delay is too long. As a result, no ports are available for new connections.

Solution

A. Increasing port range

On Windows, the default number of available ports is 5000, and the maximum that can be set is 65534.

1. Use command line

Check how many ports can be used by running the command:

Example output:

To adjust the default values, use the command:

Restart Windows OS to apply the new settings.

2. Use registry

  • Follow the path HKLM\System\CurrentControlSet\Services\Tcpip\Parameters
  • Choose Edit → New → DWORD (32-bit) Value and enter MaxUserPort
  • Right-click the new value and choose Modify
  • Set your desired number
  • Restart Windows OS to apply new settings

B. Decreasing TCP wait time

The default value is 4 minutes and can be lowered, e.g. to 30 seconds. However, if you are using synchronous scan mode, decreasing the TCP wait time is not ideal.

  • Follow the path HKLM\System\CurrentControlSet\Services\Tcpip\Parameters in Registry
  • Choose Edit → New → DWORD (32-bit) Value and enter TcpTimedWaitDelay
  • Right-click the new value and choose Modify
  • Set number of seconds to wait (e.g. 30)
  • Restart Windows OS to apply new settings
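
Before and after changing either setting, a read-only check shows how close the host is to exhaustion. The following is an added example, not part of the original article or of MetaDefender Core: it reports the dynamic port range, how many of those ports are held (including TIME_WAIT), and whether the two registry values from sections A and B are set. The function name and the 80% warning threshold are assumptions.

```powershell
# Added example (not from the original article): read-only port-exhaustion check.
# Get-PortExhaustionReport and the 80% threshold are hypothetical, for illustration.
function Get-PortExhaustionReport {
    param([int]$WarnPercent = 80)

    # Dynamic (ephemeral) TCP port range currently in effect.
    $tcp   = Get-NetTCPSetting -SettingName Internet
    $start = [int]$tcp.DynamicPortRangeStartPort
    $count = [int]$tcp.DynamicPortRangeNumberOfPorts
    $end   = $start + $count - 1

    # Registry values from sections A and B; $null means the value is not set.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
    $reg = Get-ItemProperty -Path $key
    $maxUserPort = $reg.MaxUserPort
    $timedWait   = $reg.TcpTimedWaitDelay

    # Connections whose local port falls inside the dynamic range.
    $conns = Get-NetTCPConnection |
        Where-Object { $_.LocalPort -ge $start -and $_.LocalPort -le $end }
    $inUse    = ($conns | Select-Object -ExpandProperty LocalPort -Unique |
                 Measure-Object).Count
    $timeWait = ($conns | Where-Object State -eq 'TimeWait' | Measure-Object).Count

    # Processes holding the most dynamic ports (TIME_WAIT entries show as PID 0).
    $top = $conns | Group-Object OwningProcess | Sort-Object Count -Descending |
        Select-Object -First 5 -Property @{n='PID'; e={$_.Name}}, Count,
            @{n='Process'; e={(Get-Process -Id $_.Name -ErrorAction SilentlyContinue).ProcessName}}

    $pct = if ($count -gt 0) { [math]::Round(100 * $inUse / $count, 1) } else { 0 }
    [pscustomobject]@{
        RangeStart        = $start
        RangeEnd          = $end
        RangeSize         = $count
        PortsInUse        = $inUse
        PercentUsed       = $pct
        TimeWaitCount     = $timeWait
        MaxUserPort       = $maxUserPort
        TcpTimedWaitDelay = $timedWait
        NearExhaustion    = ($pct -ge $WarnPercent)
        TopProcesses      = $top
    }
}

Get-PortExhaustionReport | Format-List
```

A high TimeWaitCount relative to RangeSize points to the wait-time cause (section B); a high PortsInUse dominated by one process points to the port-range cause (section A) or to a client that is not reusing connections.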
